I have a login form that checks if the username and password given by the user returns a row or not in the database. If it does, then a session cookie is stored and user is sent back to the index page. If not, the user is sent back to the login page again.
Here's a snippet of the relevant code:
cur.execute("SELECT COUNT(*) FROM users WHERE username = ? AND password = ?", (request.form['username'], request.form['password']))
data = cur.fetchone()[0]
# If given username and password returns a row, create the session
if data == 0:
return redirect(url_for('index'))
else:
session['username'] = request.form['username']
When the user is sent back to the login page again (redirect(url_for('index'))), I want to include a message on the login page saying that the given username or password is invalid.
I'm a bit lost on how to do this exactly.